[nSLUG] my system was cracked!

Donald Teed donald.teed at gmail.com
Sun Jun 4 00:46:03 ADT 2006


The only successful exploits I have witnessed are via web applications.
I'm guessing that your postgres was used in tandem with some
application - perhaps with the web.

Perhaps a web app was the weak point and they
used an exploit to upload a backdoor and open up access,
or reveal a password used to connect to the DB.

For web applications, the simplest rule you can follow
is to not install them in the default folder name.  Script kiddies
are pretty basic.  They scan all IPs for http://<IP>/<Project name>
(e.g. phpBB, postnuke, bitweaver, phpmyadmin, etc.)
If you simply rename those folders to something non-default,
then unless your site is infamous, it is much less likely to
be discovered by script kiddies.

Many web applications are not available through OS
packages, and thus they fall out of the maintenance cycle.
It requires active checking, or a subscription to freshmeat
or similar to know when there is an exploit and/or
fix for web applications.
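
An added example, not part of the original post: a small access-log check that shows which clients are sweeping for the default folder names listed above. It assumes Apache/nginx common log format; the log lines and IP addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Default install directory names taken from the post; extend for your own apps.
DEFAULT_DIRS = {"phpbb", "postnuke", "bitweaver", "phpmyadmin"}

# Common log format: ip ident user [time] "METHOD path PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def first_segment(path):
    """Return the lower-cased first path segment, ignoring the query string."""
    parts = [p for p in path.split("?", 1)[0].split("/") if p]
    return parts[0].lower() if parts else ""

def find_scanners(lines, min_apps=2):
    """Map client IP -> default folder names it requested and got 404 for.

    A 404 on a default name means the folder is not there (for example,
    it was renamed). Requiring min_apps distinct names separates a sweep
    from a single stale bookmark.
    """
    probes = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group("status") != "404":
            continue
        seg = first_segment(m.group("path"))
        if seg in DEFAULT_DIRS:
            probes[m.group("ip")].add(seg)
    return {ip: sorted(a) for ip, a in probes.items() if len(a) >= min_apps}

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Jun/2006:00:10:01 -0300] "GET /phpBB/index.php HTTP/1.0" 404 208',
    '192.0.2.10 - - [04/Jun/2006:00:10:02 -0300] "GET /phpmyadmin/ HTTP/1.0" 404 208',
    '192.0.2.10 - - [04/Jun/2006:00:10:03 -0300] "GET /postnuke/index.php HTTP/1.0" 404 208',
    '198.51.100.7 - - [04/Jun/2006:00:12:40 -0300] "GET /phpmyadmin/index.php HTTP/1.1" 404 208',
    '203.0.113.5 - - [04/Jun/2006:00:15:11 -0300] "GET /forum-x9/viewtopic.php?t=4 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [04/Jun/2006:00:15:12 -0300] "GET /index.html HTTP/1.1" 200 1043',
]

if __name__ == "__main__":
    for ip, apps in find_scanners(SAMPLE_LOG).items():
        print(ip, "probed", ", ".join(apps))
```
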


